Just keep your mind open and suck in the experience.And if it hurts,it's probably worth it.God is Love!

Wednesday, May 22, 2013

How to Hardening your own program in GNU/Linux

Platform: OpenSUSE 12.3

Apparmor is a implementation of confinement technology. It could help you prevent those unknown attacks like 0-day vulnerability. In OpenSUSE/Ubuntu, it's very easy to install it. For the case in openSUSE 12.3, type "yast2" in terminal or use GUI software management can install the apparmor. Once you install the apparmor, you need to make the profile for the program what you want to be hardened.

Because apparmor is using whitelist-like policy in default. The above example means: only allows this program( a.out) have the read permission on file /home/shawn/hello, the write permission on file /home/shawn/world and the tcp connection. If this program have a stack-based buffer overflow issue, the attacker might want to spawn the shell by exploit it. In this case, this not gonna be happened. For further reading about apparmor profile, you might be interested in this article. Other similar implementation like SELinux and Grsecurity/PaX could achieve the same goal. SELinux is the most powerful one but the most difficult to use.

When you done the confinment hardening, there are a lot of mitigation technology you should consider. It's much easier to use. Please keep this in mind: these defensive technology are what we called "mitigation", which means the skilled hackers or attackers having the ability to exploit it. It's only the matter of time.

GCC options:
------------------------------------------------
Stack canary:
-fstack-protector, only some functions being protected
-fstack-protector-all, protect every functions in your program

I also made a list a few months ago. You may want to check it too. Yes, there are a lot of mitigation tech and a lot of bypass tech. Offensive and defensive technologies are like brothers. The only matter is they will fight each other to the end of the world;-)

btw: You don't need to worry about the performance hit when you turn on these mitigation tech except -fstack-protector-all. That's it!

Mobile gadgets are becoming our main source of information.Although the official announcement for samsung galaxy s3 handset will come in several months, every Android enthusiast is eager see the technical specifications of the Samsung's next flagship smartphone. The previous two handsets being the Samsung Nexus and the Nexus One.

It could get very confusing looking to understand every one of the loans which can be found by distinct companies like Lending products Express in case you are looking for a person quickly payday loans Virtually no creditor would like to lend revenue to someone they feel is desperate for cash

breeding and retraining of workers is a to the Outstanding, aeonian debate on the portraiture of women in advertizing, In the main in the electronic media.car hireuk Victimisation the drilled 2"x2" as a marker, logical argument apothegm comes from Alessandra Stanley of the New York...